jacricelli · May 31, 2020 23:29 · May 31, 2020 · Nov 18, 2016 · Oct 24, 2016
diff --git a/forticlientsslvpn-expect.sh b/forticlientsslvpn-expect.sh
@@ -1,63 +1,69 @@
 #!/bin/bash
-
-# Forticlient SSL VPN Client launching script utilizing expect.
-
-# --------------------------------------------
-# CONFIGURATION
-
-# If empty - script will take some simple logic to locate appropriate binary.
-FORTICLIENT_PATH=""
-
-# VPN Credentials
-VPN_HOST="host:10443"
-VPN_USER="username"
-VPN_PASS="password"
-
-# --------------------------------------------
-
-trap ctrl_c INT
-
-function ctrl_c() {
-  echo "Removing left-over files..."
-  rm -f /tmp/expect
+
+# init only
+CONNECT_PID=""
+RUNNING=""
+
+# Provide required parameters
+FORTICLIENT_PATH="/opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli"
+VPN_HOST="<HOST:PORT>"
+VPN_USER="<USER_NAME>"
+VPN_PASS="<PASSWORD>"
+
+# Checks whether vpn is connected
+function checkConnect {
+    ps -p $CONNECT_PID &> /dev/null
+    RUNNING=$?
 }
-
-if [[ $EUID -ne 0 ]]; then
-  echo "This script must be run as root"
-  exit 1
-fi
-
-if [ -z "$FORTICLIENT_PATH" ]; then
-  FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)`
-  if [ ! -f $FORTICLIENT_PATH ]; then
-    echo "Tried to locate Forticlient SSL VPN Cli binary, but failed."
-    echo "Specify it at variable FORTCLIENT_PATH"
-    exit 1
-  fi
-  echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH"
-fi
-
-echo "Killing previous instances of Forticlient SSL VPN client..."
-killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null
-
-cat << EOF > /tmp/expect
-#!/usr/bin/expect -f
-match_max 1000000
-set timeout -1
-spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
-expect "Password for VPN:"
-send -- "$VPN_PASS"
-send -- "\r"
-
-expect "Would you like to connect to this server? (Y/N)"
-send -- "Y"
-send -- "\r"
-
-expect "Clean up..."
-close
-EOF
-
-chmod 500 /tmp/expect
-/usr/bin/expect -f /tmp/expect
-
-rm -f /tmp/expect
+
+# Initiates connection
+function startConnect {
+
+    # start vpn connection and grab its pid (expect script returns spawned vpn conn pid)
+    CONNECT_PID="connect"
+    eval $CONNECT_PID
+}
+
+# Creates an expect script to complete automated vpn connection
+function connect {
+
+    # write expect script to tmp location
+    cat <<-EOF > /tmp/expect
+        #!/usr/bin/expect -f
+        match_max 1000000
+        set timeout -1
+        spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
+        puts [exp_pid]
+        expect "Password for VPN:"
+        send -- "$VPN_PASS"
+        send -- "\r"
+ 
+        expect "Would you like to connect to this server? (Y/N)"
+        send -- "Y"
+        send -- "\r"
+ 
+        expect "Clean up..."
+        close
+        EOF
+     
+    #IMPORTANT!: the "EOF" just above must be preceded by a TAB character (not spaces)
+ 
+    # lock down and execute expect script
+    chmod 500 /tmp/expect
+    /usr/bin/expect -f /tmp/expect
+ 
+    # when expect script is finished (closes) clean up
+    rm -f /tmp/expect
+}
+ 
+startConnect
+ 
+# note this will not continuously loop, it will only loop if the spawned vpn connection drops
+# i.e. will only hit this code when expect closes
+while true
+do
+    # sleep a bit of time (why not, everyone needs sleep)
+    sleep 1
+    checkConnect
+    [ $RUNNING -ne 0 ] && startConnect
+done
diff --git a/forticlientsslvpn-expect.sh b/forticlientsslvpn-expect.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Forticlient SSL VPN Client launching script utilizing expect.
+
+# --------------------------------------------
+# CONFIGURATION
+
+# If empty - script will take some simple logic to locate appropriate binary.
+FORTICLIENT_PATH=""
+
+# VPN Credentials
+VPN_HOST="host:10443"
+VPN_USER="username"
+VPN_PASS="password"
+
+# --------------------------------------------
+
+trap ctrl_c INT
+
+function ctrl_c() {
+  echo "Removing left-over files..."
+  rm -f /tmp/expect
+}
+
+if [[ $EUID -ne 0 ]]; then
+  echo "This script must be run as root"
+  exit 1
+fi
+
+if [ -z "$FORTICLIENT_PATH" ]; then
+  FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)`
+  if [ ! -f $FORTICLIENT_PATH ]; then
+    echo "Tried to locate Forticlient SSL VPN Cli binary, but failed."
+    echo "Specify it at variable FORTCLIENT_PATH"
+    exit 1
+  fi
+  echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH"
+fi
+
+echo "Killing previous instances of Forticlient SSL VPN client..."
+killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null
+
+cat << EOF > /tmp/expect
+#!/usr/bin/expect -f
+match_max 1000000
+set timeout -1
+spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
+expect "Password for VPN:"
+send -- "$VPN_PASS"
+send -- "\r"
+
+expect "Would you like to connect to this server? (Y/N)"
+send -- "Y"
+send -- "\r"
+
+expect "Clean up..."
+close
+EOF
+
+chmod 500 /tmp/expect
+/usr/bin/expect -f /tmp/expect
+
+rm -f /tmp/expect
No results found